Malware popups issue

View previous topic View next topic Go down

Re: Malware popups issue

Post by tacobelldog111 on 2nd December 2009, 5:42 pm

Today I noticed that when I open my task manager while one of the random audio ads was playing there are about 15 instances of internet explorer running without any physical browser window actually being open. I generally use firefox and haven't even opened ie in a long time. All the ie's running have names that would suggest they are ads.

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by Belahzur on 2nd December 2009, 8:46 pm

Hmm. I think we may need Combofix, can you try running it again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 2nd December 2009, 9:58 pm

I tried a number of things to get combofix to run, all to no avail. When I started my computer back in normal mode I was met with a windows defender warning telling me I have the trojan FakeVimes and a Destination Folder Acess Denied window telling me I didn't have access to the folder "etc".

Has not getting combofix to run exhausted our options or are there other ways to get it working?

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by Belahzur on 2nd December 2009, 10:42 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\program files\dhbsnxbwptnez

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 2nd December 2009, 11:37 pm

========== FILES ==========
c:\program files\Dhbsnxbwptnez\Log\Visual folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log\Text folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log\Audio folder moved successfully.
c:\program files\Dhbsnxbwptnez\Log folder moved successfully.
c:\program files\Dhbsnxbwptnez folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTM by OldTimer - Version 3.1.2.0 log created on 12022009_183736

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by Belahzur on 3rd December 2009, 1:38 am

How is the machine now? still having problems?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 3rd December 2009, 7:41 am

Yes, doesn't seem like anything's changed.

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 3rd December 2009, 7:59 pm

My computer is now telling me I have UACD.sys

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 3rd December 2009, 8:01 pm

I also seem to have something called "System Defender" installed on my system

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 3rd December 2009, 8:36 pm

Ok, this is currently the situation. I can no longer start my system normally, I have to start in safemode. When I star normally there is a blue screen and it says stuff like "explorer stopped working". In safe mode almost all my regular settings are no longer there. I can't run malware bytes without an error, I tried running combofix and it told me that CFScript was not correct or something.

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by Belahzur on 3rd December 2009, 9:03 pm

What does the MBAM error say?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 3rd December 2009, 9:05 pm

This shortcut is no longer located here, or something. I tried uninstalling and reinstalling and when I try to run mbam I get an hourglass cursor for a moment and then nothing. I have tried renaming the executable, and same thing happened

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 4th December 2009, 1:11 am

Tried some more scanning utilities I have on the machine. nȯne of these will even open: AdAware, Spybot, AVG, HijackThis, MBAM, and Windows Defender

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 4th December 2009, 1:26 am

Finally got HijackThis to work, here's my log. HijackThis kept telling me my system would not allow acess to the host folder

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:52 PM, on 12/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Temp\setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\secret\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\eqq22vk.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\eqq22vk.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [System Defender] "C:\ProgramData\e17e17e\WSe17e.exe" /s /d
O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [raluvizef] Rundll32.exe "c:\windows\system32\juvuselu.dll",a
O4 - HKLM\..\Run: [jawironaza] Rundll32.exe "folajese.dll",s
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\mb-am\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\Windows\TEMP\yjs68wd3.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jsh87r3huiehf89esiudgd] C:\Windows\TEMP\yjs68wd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\curslib.dll,ribayiro.dll
O20 - Winlogon Notify: __c007EE14 - C:\Windows\system32\__c007EE14.dat
O21 - SSODL: dalelamit - {4d05a1ab-de47-440c-82d5-36ba7554fe9d} - c:\windows\system32\juvuselu.dll
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\eqq22vk.dll
O22 - SharedTaskScheduler: tokatiluy - {4d05a1ab-de47-440c-82d5-36ba7554fe9d} - c:\windows\system32\juvuselu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\Windows\system32\FastNetSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8611 bytes

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Malware popups issue

Post by Belahzur on 4th December 2009, 1:36 am

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: ::1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: C:\Windows\system32\eqq22vk.dll - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\eqq22vk.dll
    O4 - HKLM\..\Run: [System Defender] "C:\ProgramData\e17e17e\WSe17e.exe" /s /d
    O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
    O4 - HKLM\..\Run: [raluvizef] Rundll32.exe "c:\windows\system32\juvuselu.dll",a
    O4 - HKLM\..\Run: [jawironaza] Rundll32.exe "folajese.dll",s
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\mb-am\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\Windows\TEMP\yjs68wd3.exe
    O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe
    O4 - HKUS\S-1-5-18\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [jsh87r3huiehf89esiudgd] C:\Windows\TEMP\yjs68wd3.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Windows\system32\config\systemprofile\AppData\Local\Temp\system.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [calc] rundll32.exe C:\Windows\system32\config\SYSTEM~1\ntuser.dll,_IWMPEvents@0 (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O20 - AppInit_DLLs: C:\Windows\System32\curslib.dll,ribayiro.dll
    O20 - Winlogon Notify: __c007EE14 - C:\Windows\system32\__c007EE14.dat
    O21 - SSODL: dalelamit - {4d05a1ab-de47-440c-82d5-36ba7554fe9d} - c:\windows\system32\juvuselu.dll
    O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb - {B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - C:\Windows\system32\eqq22vk.dll
    O22 - SharedTaskScheduler: tokatiluy - {4d05a1ab-de47-440c-82d5-36ba7554fe9d} - c:\windows\system32\juvuselu.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Malware popups issue

Post by tacobelldog111 on 4th December 2009, 8:59 am

In light of what you said and the fact that I already backed up everything on my system I just decided to reformat the drive. Thank you for all your help.

tacobelldog111
Novice
Novice

Posts Posts : 26
Joined Joined : 2009-11-17
OS OS : Vista
Points Points : 26070
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum